Let's talk about VISHING

Hi there!

Hope you’ve had a splendid week??

I had quite an eventful week. An elderly friend of mine got a call from a fraudster posing to be a “service provider”, she didn’t fall for it but the incident got me thinking about you. Will you have fallen for it?

In my last letter, we talked about Smishing, a type of phishing carried out through text messages (click here to read up if you missed it) and today I’d be discussing Vishing. Let’s get down to it.

Vishing is short for "voice phishing," which involves defrauding people over the phone, enticing them to divulge sensitive information. What this definition makes plain is that an attacker attempts to grab a victim's data and use it for their own benefit—typically, to gain a financial advantage. Vishing or voice scams rely heavily on manipulation and social engineering to get victims to give up personal information. Remember the incident with my friend?

Vishing is performed over the phone using a voice call. This can occur over a landline, cellular network, or a Voice over Internet Protocol (VoIP) system. The cybercriminal typically pretends to be from a trusted source, such as a bank or government organization. Many vishing scams may originate outside of your own country. As such, a lot of vishing scammers will use voice-to-text synthesizers and recorded messages to mask their identity. Those based in your own country may also use a real human on the other end of the line for more targeted scams.

Vishing has the same end goal as many kinds of cyberattacks. In a digitized business and financial environment, all that stands between a criminal and the money of victims is access credentials, credit card numbers, or personal data that can be later used to execute identity theft.

A popular tactic used by vishing scammers is called “ID Spoofing”. ID spoofing allows them to send out phone calls that appear to be from a legitimate or localized source. Victims may feel more compelled to pick up the call as a result. However, many vishing scammers also leave a pre-recorded voicemail message should the call be ignored. Now you may ask, how do you prevent yourself from falling prey to a vishing scam?

Below are 5 important things you MUST do to avoid vishing scams:

• Do not share sensitive details over the phone - Remember that no bank calls you regarding the debit or credit details over the phone. Any caller who asks for this sort of detail is a big sign that they want to steal your information.
• Verify the Caller's Identity - You can do an online search for the caller, their company, their physical location, and other information you can use to verify their legitimacy.
• Hang Up - When in doubt, just hang up the phone.
• Do Not Press Buttons or Respond to Prompts - Automated vishing calls depend on feedback from the victim. If you refuse to press buttons or answer questions, the attack can be stopped.
• Use a Call Identification and Spam Blocking application – Mobile users can download and install a call identification and spam blocking application from their application store. Such an app can help identify numbers used by fraudsters as these would have been flagged by other users. An example of this is Truecalller. If you find a suspicious number calling, don’t pick up.

Note: Cybercriminals will always come up with new and innovative ways to get access to your personal data, and if you feel you might have fallen victim to an angler phishing attack on social, it is important to report it.?

Side Gists

The “A Day in the Life” series continues this week for our CyberGirls and ECSL programs. Cybersecurity Professionals from various fields have taken turns sharing their experiences in cybersecurity with the fellows and answering questions specific to what a career in their field requires. You can join some of the sessions via our YouTube channel in the new week.

Special shout out to the British Women’s Group for their donation to the DigiGirls program. The Data Support Fund will reward DigiGirls Beneficiaries who do excellently well in their coursework. We are grateful for the donation and your support in empowering girls and women in Nigeria. If you are interested in having any of our alumni intern at your organization upon completion of their training, please send an email to [email protected] stating your interest.

It is always fun writing to you and I look forward to doing it again. In my next letter, I would be talking about the differences between spamming and phishing. You do not want to miss it.

Till then, stay well and remain cyber safe! ??

Yours truly,

Bolatito